ESS v4.2.35.0 + rundll32.exe + Logs.

Discussion in 'ESET Smart Security' started by ZZZzzz, Mar 31, 2010.

Thread Status:
Not open for further replies.
  1. ZZZzzz

    ZZZzzz Registered Member

    Joined: Mar 31, 2010
    Posts: 3
    Hi there.

    Over the last few days I have been getting rundll32.exe (/system32/) trying to connect through port 443 to a 65.xxx.xxx.xxx IP (seems to be a Microsoft one). I know that exe can be called by other apps to do anything, but since ESS v4 does not report the "original" app trying to connect, do you think it's safe to allow it? For now I have set it to deny the traffic and have not noticed anything wrong.

    I tried to let the PC idle to see if I could see which app is trying to do it with no extra processes running, but nah, no way :p

    On the other hand, I have another problem with the ESET Personal Firewall log. It does not write anything there. All the filters are checked and I just left all the default values in Advanced Setup/Tools/Log Files. Is there anything I can do to get it working?

    I'm running the 64-bit version on Win7 6.1.7600, 64-bit as well.

    Thanks in advance.

    [EDIT] The other logs seem to be working fine.
    Oh, and I don't have any virus/malware as far as NOD32/Spybot and Malwarebytes said :p
     
  2. Cudni

    Cudni Global Moderator

    Joined: May 24, 2009
    Posts: 6,956
    Location: Somethingshire
    What is that MS IP address? You need to establish, assuming you have time, what software triggers that connection (are you using some MS software, and what, prior to the alert?), but as a rule, if unsure, do as you did: block unknown connections.
     
  3. 3s3tUs3r

    3s3tUs3r Registered Member

    Joined: Mar 17, 2010
    Posts: 4
    I had the same alert and I wondered about it also.
     
  4. a3_alin

    a3_alin Registered Member

    Joined: Mar 5, 2009
    Posts: 59
    Location: Romania
    They seem to have two big problems with the firewall log:
    1. It does not write anything there...
    or...
    2. It does not remove any log entries, and so a long line forms, consisting of programs and processes...
    How to solve this problem, there since the beta stage? With the next ESS...
    And they still have many problems that are resolved so slowly... that's why I give up on ESS.
     
  5. ZZZzzz

    ZZZzzz Registered Member

    Joined: Mar 31, 2010
    Posts: 3
    Here's the alert SS:
    http://img402.imageshack.us/img402/734/rdll.jpg
    It's a Microsoft IP, and I guess I can let it go... but I wanna know what is trying to get from home :D

    Seems to be solved now. I went to Advanced setup/Personal Firewall/IDS and advanced options/Troubleshooting.
     
  6. Cudni

    Cudni Global Moderator

    Joined: May 24, 2009
    Posts: 6,956
    Location: Somethingshire
    It would help if you knew what app is triggering it, but in any case use Wireshark to inspect the content.
     
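An added example, not part of the thread: one way to find what is behind a rundll32.exe connection like the one discussed above is to read each running rundll32.exe's command line (it names the DLL and entry point it was asked to load) and its parent process. The script is an illustration that assumes Windows with PowerShell 2.0 or later and uses only `netstat` and WMI; its variable names are the example's own.

```powershell
# Added example (not from the thread). Works on Windows 7 / PowerShell 2.0.
# Run from an elevated prompt while the firewall alert is on screen, so that
# command lines of processes owned by other accounts are readable.

# Index every running process by PID so parents can be resolved.
$procs = @{}
Get-WmiObject Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Collect remote TCP endpoints per owning PID from "netstat -ano".
# Data rows have five fields: TCP  <local>  <remote>  <state>  <pid>
$remotes = @{}
netstat -ano -p TCP | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[3] -ne 'LISTENING') {
        $id = [int]$f[4]
        if (-not $remotes.ContainsKey($id)) { $remotes[$id] = @() }
        $remotes[$id] += ('{0} ({1})' -f $f[2], $f[3])
    }
}

# Report each rundll32.exe: what it loaded, who started it, where it connects.
$procs.Values | Where-Object { $_.Name -eq 'rundll32.exe' } | ForEach-Object {
    $p = $_
    $parent = $procs[[int]$p.ParentProcessId]

    $parentName = '(already exited)'
    $parentCmd  = ''
    if ($parent) {
        $parentName = $parent.Name
        $parentCmd  = $parent.CommandLine
    }

    $conns = '(none seen)'
    if ($remotes.ContainsKey([int]$p.ProcessId)) {
        $conns = $remotes[[int]$p.ProcessId] -join ', '
    }

    New-Object PSObject -Property @{
        ProcessId   = $p.ProcessId
        CommandLine = $p.CommandLine      # DLL and entry point passed to rundll32
        ParentPid   = $p.ParentProcessId
        ParentName  = $parentName
        ParentCmd   = $parentCmd
        Remote      = $conns              # e.g. an address on port 443
    }
} | Format-List ProcessId, CommandLine, ParentPid, ParentName, ParentCmd, Remote
```

A connection the firewall denies may show up only briefly (for example as SYN_SENT) or not at all, so the `CommandLine` and parent fields are the more reliable lead. If the rundll32.exe instance has already exited, nothing is listed and the script has to be re-run at the next alert.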